DevicePath node types may have any size, and so it is up to the code that manipulates them to ensure that dereferencing them only occurs when the pointer is aligned explicitly.
Since BdsConnectAndUpdateDevicePath() has only two callers, one of which itself, we can simply duplicate the device path (similar to how DxeCore's CoreConnectController () does it), and free the pool allocation again on the way out. (Note that the allocation only occurs when the non-recursive path is taken) Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Ard Biesheuvel <[email protected]> --- Platform/ARM/Library/BdsLib/BdsFilePath.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/Platform/ARM/Library/BdsLib/BdsFilePath.c b/Platform/ARM/Library/BdsLib/BdsFilePath.c index 74fdbbee773d..543ac8f83086 100644 --- a/Platform/ARM/Library/BdsLib/BdsFilePath.c +++ b/Platform/ARM/Library/BdsLib/BdsFilePath.c @@ -421,7 +421,7 @@ BdsConnectAndUpdateDevicePath ( } if (RemainingDevicePath) { - *RemainingDevicePath = Remaining; + *RemainingDevicePath = DuplicateDevicePath (Remaining); } return Status; @@ -1333,14 +1333,18 @@ BdsLoadImageAndUpdateDevicePath ( } FileLoader = FileLoaders; + Status = EFI_UNSUPPORTED; while (FileLoader->Support != NULL) { if (FileLoader->Support (*DevicePath, Handle, RemainingDevicePath)) { - return FileLoader->LoadImage (DevicePath, Handle, RemainingDevicePath, Type, Image, FileSize); + Status = FileLoader->LoadImage (DevicePath, Handle, RemainingDevicePath, + Type, Image, FileSize); + break; } FileLoader++; } - return EFI_UNSUPPORTED; + FreePool (RemainingDevicePath); + return Status; } EFI_STATUS -- 2.17.1 _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
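Review bot: the return value of DuplicateDevicePath() is stored unchecked in the `@@ -421,7 +421,7 @@` hunk of BdsConnectAndUpdateDevicePath(). DuplicateDevicePath() returns NULL when the pool allocation fails, and here that NULL would be handed back through `*RemainingDevicePath` while `Status` is returned unchanged. Consider checking the result and returning EFI_OUT_OF_RESOURCES when it is NULL. The ownership change also deserves a line in the function's header comment: after this patch the caller owns `*RemainingDevicePath` and must free it, which the old `*RemainingDevicePath = Remaining;` did not require.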
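Review bot: `FreePool (RemainingDevicePath);` at the end of the `@@ -1333,14 +1333,18 @@` hunk in BdsLoadImageAndUpdateDevicePath() is unconditional, and FreePool() must not be passed NULL. If the duplicate was never allocated, or DuplicateDevicePath() failed, this call asserts in the library's FreePool(), so guard it with `if (RemainingDevicePath != NULL)`. Two things to confirm outside the visible lines: that no earlier return in this function skips the free once the duplicate exists, and that none of the `FileLoader->LoadImage` implementations keeps the `RemainingDevicePath` pointer after returning, since it is released right after the loop.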

